
Test Manager - Application Security & Penetration Testing

Malaysia, Kuala Lumpur · Job Posted January 26, 2026

Job Description

The Test Manager for Application Security and Penetration Testing (Manager, Application Security) is responsible for strengthening our enterprise application security posture. This is a hands-on individual contributor role responsible for performing penetration testing, secure code review, software composition analysis, container image assurance, and vulnerability assessments, as well as managing findings and supporting compliance with financial industry regulations. The role requires strong technical expertise, practical testing skills, and familiarity with regulatory requirements such as the MAS TRM Guidelines and the BNM RMiT Policy Document.

Job Responsibility

  • Conduct penetration testing for web, mobile, and API applications
  • Perform secure code reviews, software composition analysis, and container image assurance to identify vulnerabilities early in the SDLC
  • Perform vulnerability assessments for applications, middleware, and supporting systems
  • Utilise industry-standard tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua and Qualys
  • Triage, validate, and prioritise security findings from security assessments
  • Work with development, DevOps, and infrastructure teams to ensure timely remediation
  • Track and report remediation progress, ensuring closure within timelines required by regulatory instruments and Technology Security Standards
  • Provide guidance to developers and project teams on secure coding practices
  • Embed application security controls and tools (SAST, DAST, SCA, IAST) into CI/CD pipelines
  • Maintain security documentation and provide evidence for audits and regulatory reviews
  • Ensure compliance with internal policies, regulatory obligations, and industry best practices
  • Support audits, risk assessments, and regulatory inspections involving application security

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or related field
  • Professional certifications such as CREST, OSCP+, OSEP, or GPEN
  • 7+ years of IT security experience, with at least 4 years of direct experience in project-based and annual penetration testing for web, mobile, and API applications
  • Experienced in secure code reviews, software composition analysis, container image assurance, and vulnerability assessments
  • Strong technical knowledge of web, mobile, and API security, including OWASP Top 10 and common attack vectors
  • Hands-on expertise with security testing tools mentioned above
  • Working knowledge of MAS TRM, MAS Cyber Hygiene, and BNM RMiT requirements
